我试图通过以下方式使用jboss rest轻松调用REST服务

    public ETTestCasePackage getPackageById(String packageId) throws PackageNotFound {

    ClientRequest req = new ClientRequest("https://facebook/api");
    req.header("Authorization", "Basic " + EztrackerConstants.base64AuthenticationValue);
    req.pathParameter("id", packageId);
    ETTestCasePackage etPackage = null;
    try {
        logger.info("invoking "+req.getUri());
        //ProxyFactory.create
        ClientResponse<ETTestCasePackage> res = req.get(ETTestCasePackage.class);
        etPackage = res.getEntity();
    } catch (Exception e) {
        logger.debug("Not able to retrieve details for testcase package having id = " + packageId, e);
        throw new PackageNotFound("Package with id " + packageId + " not found", e);
    }
    return etPackage;

}


但是上面的代码显然抛出了“对等未认证”;

 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:437)
    at


我可以将相应的证书添加到本地Java安全性jks中以解决此问题。
但是我可能会运行这么多机器,所以不能对所有机器都这样做。所以我想通过覆盖http检查来使我的http客户端接受所有请求。

但是对于轻松的httprequest来说,我无法找到一种方法来做到这一点。有人会帮助我做到这一点轻松吗?

提前致谢,
西姆

我已经尝试过这段代码来调用忽略的实际代码,但是仍然没有覆盖默认设置。任何使其易于使用的客户端的想法。

    private void test(){

        TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    public void checkClientTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    }
                    public void checkServerTrusted(
                        java.security.cert.X509Certificate[] certs, String authType) {
                    }
                }
            };

            // Install the all-trusting trust manager
            try {
                SSLContext sc = SSLContext.getInstance("SSL");
                sc.init(null, trustAllCerts, new java.security.SecureRandom());
                HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            } catch (Exception e) {
            }

    }

    static {
        //for localhost testing only
        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
        new javax.net.ssl.HostnameVerifier(){

            public boolean verify(String hostname,
                    javax.net.ssl.SSLSession sslSession) {

                return true;
            }
        });
    }

}

最佳答案

将签名的证书用作计划A。作为计划B,例如,在以您无法控制的另一个系统的登台版本作为目标时,可以使用以下解决方案。

对于Resteasy 3,您需要向客户端实例提供您自己的全信任Httpclient。
当然,您永远不要在生产中使用它,因此请确保不要对其进行修改。

通常(使用jax-rs 2.0),您将初始化客户端,如下所示:

javax.ws.rs.client.Client client = javax.ws.rs.client.ClientBuilder.newClient();


对于所有信任的客户端,将其替换为:

Client client = null;
if (config.trustAllCertificates) {
  log.warn("Trusting all certificates. Do not use in production mode!");
  ApacheHttpClient4Engine engine = new ApacheHttpClient4Engine(createAllTrustingClient());
  client = new ResteasyClientBuilder().httpEngine(engine).build();
}
else {
  client = ClientBuilder.newClient();
}


createAllTrustingClient()如下所示:

private DefaultHttpClient createAllTrustingClient() throws GeneralSecurityException {
  SchemeRegistry registry = new SchemeRegistry();
  registry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory()));

  TrustStrategy trustStrategy = new TrustStrategy() {
    public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
      return true;
    }
  };
  SSLSocketFactory factory = new SSLSocketFactory(trustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER );
  registry.register(new Scheme("https", 443, factory));

  ThreadSafeClientConnManager mgr = new ThreadSafeClientConnManager(registry);
  mgr.setMaxTotal(1000);
  mgr.setDefaultMaxPerRoute(1000);

  DefaultHttpClient client = new DefaultHttpClient(mgr, new DefaultHttpClient().getParams());
  return client;
}


以防万一您无法确定类的包名称,以下是相关的导入:

import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;

import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;


以供参考:


https://docs.jboss.org/resteasy/docs/3.0-beta-3/userguide/html/RESTEasy_Client_Framework.html#transport_layer

07-24 09:21